Dynamic Seed provisioning using QR Code
Originally Published: 2015-02-17
Article Number
Applies To
Issue
- administrative setup:-
- add software token profile (that support the QR code)
- Distribute Software token
- Token provisioning request by end user from self-service console
- Import software token by end user from self-service console
Resolution
Dynamic Seed Provisioning Using QR Code
The QR Code feature is supported by the following:
- RSA SecurID Software Token 2.x for iOS
- RSA SecurID Software Token 2.x for Android
Activate QR Code
- Add software token profiles that support QR codes (2.x for iOS / 2.x for Android):
Authentication → Software Token Profiles → Add New → Import new device definition file (if 2.x is not found in the device type) → Save. - Under Profile Settings tab:
- Delivery Method: Choose Dynamic Seed Provisioning (CT-KIP)
- Under CT-KIP: Select User imports token via QR code in Self-Service Console (Recommended for High Security)
Distribute Software Token
- Choose the Software Token Profile (Android 2.x / iOS 2.x)
- Save and distribute (you will find Delivery Method → Dynamic Seed Provisioning (using QR code))
- Submit job
- Download output file
Distribute in Bulk
- Navigate to: SecurID Tokens → Distribute Software Tokens in Bulk → Generate Dynamic Seed Provisioning Credentials
- Choose the Software Token Profile (Android 2.x / iOS 2.x)
- Select the serial number ranges of the tokens → Next
- Confirm Delivery Method → Dynamic Seed Provisioning (using QR code)
- Submit job
- Download output file
Self-Service Console
-
Allow users to request token profile from the Self-Service Console:
Setup → Self-Service Settings → Software Token Profiles Available for Request- Allow users to request (Android 2.x / iOS 2.x) profile software tokens
- Choose one of these profiles as default
Enable CT-KIP URL if QR Code is not working
Setup → Self-Service Settings → Customization Tab → Enable and Disable Self-Service Features
- QR Code Fallback Option: Allow email delivery of CT-KIP URL if user cannot scan QR Code
Token Provisioning Scenario
- User requests a token from the Self-Service Console and selects a token profile (Android 2.x or iOS 2.x)
- Admin approves the request from: Security Console → Administration → Provisioning Request
- User receives an email confirming the request is approved and token needs activation
- User activates the token and the QR code is displayed (valid for 5 minutes only)
- User scans the QR Code and starts using the token
- If QR code is not working, choose Send Activate Token Link (CT-KIP URL)
Thank you
Notes
Email option must be enabled
Only applicable for IOS and Android
End user must be in the same network as the authentication manager (dynamic seed provisioning) unless there is a webtier
Related Articles
Distribute One Software Token Using Dynamic Seed Provisioning Number of Views New Delivery Method for Token Seed Records Number of Views Token Seed Decrypt options with on-Prem Authentication Manager, including PDP-G & SID-830 Keys - How to decrypt Token Seed… Number of Views missing CD for token media from shipment because Token media is now delivered digitally from my.rsa.com Number of Views Token seed import fails with 'Import Token failure' error for RSA Authentication Manager Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
